315 matches found
Mozilla Firefox Denial of Service Vulnerability (CNVD-2016-00847)
Mozilla Firefox on Android is an open source web browser for the Android platform. The 'MoofParser::Metadata' function in the binding/MoofParser.cpp file in the Mozilla Firefox libstagefright library fails to limit the size of the result of a read operation, allowing remote attackers to conduct...
CVE-2016-1948
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream...
CVE-2016-1943
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method...
CVE-2016-1948
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream...
Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing
Binary data 9017.prm...
CVE-2015-2714
Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READLOGS permission for the...
Mozilla Firefox for Android DNS Spoofing Vulnerability
Mozilla Firefox is a popular web browser, and Google Android is a Linux-based open source operating system used mainly in portable devices. A security vulnerability exists in Mozilla Firefox for Android DNS resolution, as the PRNG implementation in DNS resolver fails to correctly use time and PID...
CVE-2014-1566
Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because o...
Mozilla Firefox for Android < 28.0 Multiple Vulnerabilities
Binary data 8174.prm...
CVE-2014-1501
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection...
CVE-2013-1727
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting XSS attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file...
CVE-2013-0790
Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service stack memory corruption and application crash or possibly execute arbitrary code via unknown vectors involving a plug-in...
CVE-2013-0798
Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the apptmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which apptmp is used...
CVE-2012-3979
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the androidlogprint function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function...
PT-2012-5107 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 15.0 on Android Description: The issue is related to the improper implementation of unspecified callers of the android log print function in Mozilla Firefox on Android. This allows remote attackers to execute...